Blog Layout
Cybersecurity: A Clearer Focus
In this post we navigate the social impacts of this unprecedented hack and it's questions for how we shape a safer cyber future.
I sometimes wish certain moments in time came with warning labels. For example, “Proceed at your own risk” or “You are doing good if you make it to next year.” This was the case for all of 2020. I know I am not alone in seeing last year as a place of navigating one unexpected circumstance after another with moments of hope; that maybe things will get better. In 2020 we had not just COVID to navigate, but social unrest as our global socioeconomic structures were challenged. In a grand finale befitting such an unpredictable year, we had the Solar Winds hack in cyber.
I write not to give another series of practical cyber help tips. There have been at least 20 posts on LinkedIn alone, so you can stop reading now if you are looking for that information. However, I think it shone a much needed light on the topics we fail to discuss as a community. We want to educate people not to fall for phishing scams through tech, but not engage the real elephant in the room, why they should care, and how we get people to engage. In the interim, while our collective “they” don’t engage, our society, in my cyber 2021 prediction, will see the most significant volume of damaging breaches in this coming 2021. This is not due to just the pervasiveness of the Solar Winds hack, but this hack is post almost 25 to 30 years of cybersecurity being poorly managed, poorly funded, and poorly regulated. At some point, “the horses left the barn,” a few decades ago and we lost track of where they went.
So here we are, in my view, the societal issues we need to address now, in hopes to maybe make the unraveling not painful. 1. Why don’t people care? I think we are at a place where due to COVID, our society depends on tech to function. However, most folks don’t care, and that is a real topic we need to address. Whether it is the board room or a child is playing their favorite esports game. The apathy level is way too high for any meaningful change to happen. The truth is “We Are Your Only Hope,” meaning doesn’t matter if we hire 1 million new cyber professionals; we are not successful without everyday people engaged and helping do their part. 2. Cyber Ethics. Who makes the rules? I can’t be the only person to wonder why we have toasters and refrigerators connected to the internet. I think at the end of the day, who decides this stuff is a good idea. I always tell my own children, because you can doesn’t mean you should. When will we start to demand this type of ethical response for tech? Who decides how much information is too much to collect? We’ve gone from Big Data to Big Nightmare, and no one is asking critical questions or reigning this in as we enter the world of quantum computing, deep fakes and artificial intelligence (AI). 3. Are you prepared to be Digital Citizen? One sad assumption is that the digital world is a mirror of the physical, and nothing could be further from the truth. I don’t think we’ve prepared ourselves and our younger people for what that means. In reality, we (GenX and older) are mostly not prepared. I’d argue that Gen Z and below are defining what these rights look like for themselves, irrespective of existing structures. What kind of rights do I have as a digital citizen? Who decides this? Let’s be clear that traditional societal boundaries defined by National, State, and Local identity are quite frankly behind and fastly becoming irrelevant in shaping this conversation. 4. Cyber Civil Rights? I owe the term “Cyber Civil Rights” to my good friends Mike Echols and Veda Woods. In this era where you can be, do, and have anything in a digital space, it appears the interface with the physical and digital has flaws. On the flip side, digital technology is being used in definitive ways to make law enforcement decisions without a full understanding of the weaknesses and biases built into many of these algorithms. For example, many of the racial basis that affects black and brown people are being transferred into this tech’s algorithms unknowingly using biased data sets. The technology is also being used to target children to fuel the sex trafficking trade globally. These are a few examples of many emerging issues surrounding Civil/Human Rights and tech.
My challenge for all of us is to not make cybersecurity this simple one faceted item focused on tech solutions to hacks. This is about how we protect our digital way of life. It is the people that are behind the tech that matters beyond all else. Our world now relies on the confidentiality, integrity, and sustainability of the entire ecosystem. People must be engaged in knowing their risks and being a part of the conversation on risk mitigation for our shared digital world. This requires us having conversations that cross generations and cultural boundaries to ensure our societies are globally protected for the highest good of us all.
Thank you for reading and I invite comments and ask you to share. We are all in this together..#Weareone #covsec
I write not to give another series of practical cyber help tips. There have been at least 20 posts on LinkedIn alone, so you can stop reading now if you are looking for that information. However, I think it shone a much needed light on the topics we fail to discuss as a community. We want to educate people not to fall for phishing scams through tech, but not engage the real elephant in the room, why they should care, and how we get people to engage. In the interim, while our collective “they” don’t engage, our society, in my cyber 2021 prediction, will see the most significant volume of damaging breaches in this coming 2021. This is not due to just the pervasiveness of the Solar Winds hack, but this hack is post almost 25 to 30 years of cybersecurity being poorly managed, poorly funded, and poorly regulated. At some point, “the horses left the barn,” a few decades ago and we lost track of where they went.
So here we are, in my view, the societal issues we need to address now, in hopes to maybe make the unraveling not painful. 1. Why don’t people care? I think we are at a place where due to COVID, our society depends on tech to function. However, most folks don’t care, and that is a real topic we need to address. Whether it is the board room or a child is playing their favorite esports game. The apathy level is way too high for any meaningful change to happen. The truth is “We Are Your Only Hope,” meaning doesn’t matter if we hire 1 million new cyber professionals; we are not successful without everyday people engaged and helping do their part. 2. Cyber Ethics. Who makes the rules? I can’t be the only person to wonder why we have toasters and refrigerators connected to the internet. I think at the end of the day, who decides this stuff is a good idea. I always tell my own children, because you can doesn’t mean you should. When will we start to demand this type of ethical response for tech? Who decides how much information is too much to collect? We’ve gone from Big Data to Big Nightmare, and no one is asking critical questions or reigning this in as we enter the world of quantum computing, deep fakes and artificial intelligence (AI). 3. Are you prepared to be Digital Citizen? One sad assumption is that the digital world is a mirror of the physical, and nothing could be further from the truth. I don’t think we’ve prepared ourselves and our younger people for what that means. In reality, we (GenX and older) are mostly not prepared. I’d argue that Gen Z and below are defining what these rights look like for themselves, irrespective of existing structures. What kind of rights do I have as a digital citizen? Who decides this? Let’s be clear that traditional societal boundaries defined by National, State, and Local identity are quite frankly behind and fastly becoming irrelevant in shaping this conversation. 4. Cyber Civil Rights? I owe the term “Cyber Civil Rights” to my good friends Mike Echols and Veda Woods. In this era where you can be, do, and have anything in a digital space, it appears the interface with the physical and digital has flaws. On the flip side, digital technology is being used in definitive ways to make law enforcement decisions without a full understanding of the weaknesses and biases built into many of these algorithms. For example, many of the racial basis that affects black and brown people are being transferred into this tech’s algorithms unknowingly using biased data sets. The technology is also being used to target children to fuel the sex trafficking trade globally. These are a few examples of many emerging issues surrounding Civil/Human Rights and tech.
My challenge for all of us is to not make cybersecurity this simple one faceted item focused on tech solutions to hacks. This is about how we protect our digital way of life. It is the people that are behind the tech that matters beyond all else. Our world now relies on the confidentiality, integrity, and sustainability of the entire ecosystem. People must be engaged in knowing their risks and being a part of the conversation on risk mitigation for our shared digital world. This requires us having conversations that cross generations and cultural boundaries to ensure our societies are globally protected for the highest good of us all.
Thank you for reading and I invite comments and ask you to share. We are all in this together..#Weareone #covsec
Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers.
The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed.
The plaintiffs had
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.
"These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu,
This is a question anyone can ask and should be asking on behalf of themselves and within your organizations. However, we often view cybersecurity through the lens of feeling vulnerable. In this post we explore a few ways to start to empower yourself and organization to tackle cybersecurity.
The Insider threat in cybersecurity is a tricky subject. We often don't want to approach it because, as the name says, this is someone we have given our trust to that frankly can't be trusted. However, this week we talk about cybersecurity from this angle. The internet village we all share requires us to share and trust in ways we never expected.
Leadership: A female perspective Danyetta Fleming Magana and Javeria Ayaz Malik reflect upon the role of women in crisis leadership
I had planned to share a wonderfully done newsletter article but opted to share from the heart. I've been truly blessed and honored to be in the security community for over 20 years and have many colleagues and friends who help secure our physical and virtual world.
While I admit I love the work from home and the ability to order groceries online, I wouldn't say I like watching children bullied, the elderly targeted and pensions stolen, charities losing donations, and companies going out of business due to the insecurity of our global internet village.
It was out of this place that I realized that we needed to reignite a fundamental truth that "We Are One" always connected.
Humanitarian Cyber Career chat and social media do’s and dont’s for high school and college students - please circulate this flier with your teachers and students so they register! As a part of registration they can enter up to 3 questions they’d like answered at the event. Speakers include Patricia Zebertavage (FBI), Keith Moulsdale (cyber attorney), Veda Woods (leveraging cyber to combat child trafficking), Sean Anthony Guillory, Ph.D. (Cyber automation SME), and more!
How long will I be down from a ransomware attack?
